Back to Top

 Skip navigation

Vaccination Data FAQ

Open in Excel:

Why is the Central Statistics Office (CSO) receiving vaccine data from the HSE?

The primary purpose of the CSO receiving the data is to support the public response to the crisis and in particular to provide evidence to support key decision makers including the Chief Medical Officer (CMO), the National Public Health Emergency Team (NPHET), the Department of Health and the Health Service Executive (HSE).

Evidence and access to relevant data for research purposes, including modelling purposes, has been at the heart of the public response to COVID-19.  The CSO receives COVID-19 related data from the HSE to produce independent Official Statistics based on the data while facilitating subsequent access to pseudonymised data for research purposes. COVID-19 research plays an essential role in tackling the pandemic, identifying areas for targeted intervention and ongoing planning and evaluation of requirements; in addition to other public policy decisions.

An example of how research on this data could be used in practice would be to create a greater understanding of variation in COVID-19 risks to people with underlying conditions in order to tailor health promotion and protection measures.

This is critical in the immediate context of tackling COVID-19, but also more broadly to optimise data and evidence-informed decision-making to transform how health care is delivered and indeed how we manage our own health.

This type of data will advance medical treatments, health service delivery, inform policy and planning across Government and wider society.

How will this vaccine data be published and what information will be provided?

Experimental statistics on vaccine take-up produced by combining a limited dataset from the HSE Vaccine Information System with other pseudonymised datasets available to the CSO will be published as part of a series of statistical bulletins on the CSO website.
This work is based on a statistical collaboration with Public Health and Departmental Officials under the Statistics Act, 1993 Section 11 agreement.

What level of aggregate data will be provided?

In order to balance the public interest in vaccination rate patterns with ensuring that statistical confidentiality and individual privacy is preserved, vaccine uptake rates will be published at high level aggregates.  Age will be grouped into bands of 18- 24 years, 25- 44 years, 45- 64 years, and 65 years and over. Nationality statistics will be classified into Irish, UK, EU13 EU14-27 and rest of world, in line with previous CSO practices. Analysis on employment will be at NACE economic sector letter level.

What level of geographical data will the information provide and why?

The most detailed statistics on vaccine take-up will be published at LEA, in line with data on COVID-19 incidence rates, which will facilitate comparisons of both sets of information. In 2020 the Department of Health (DoH) chaired a group which included the Health Protection Surveillance Centre (HPSC), the Health Service Executive (HSE), the Health Intelligence Unit (HIU), the CSO, Ordnance Survey Ireland (OSi) and Maynooth University (MU) to look at options for geographic dissemination of COVID-19 incidence in Ireland. The group reviewed the most appropriate level of geography at which to publish data in order to balance the public interest in regularly updated data for local areas and the requirement to minimise the risk to an individual’s privacy and confidentiality. The CSO advised that LEA is the most appropriate level to achieve this. There are 166 LEAs in Ireland with an average population of 28,700 (ranging from 9,800 to 63,000). Each county and city is divided into a number of LEAs.

What is the legal basis for the CSO to access this data?

Access by the CSO to these sensitive confidential health records is underpinned and provided for by a written request under Section 30 of the Statistics Act, 1993 - ‘Use of Records of Public Authorities for Statistical Purposes’ by the written permission of the Minister for Health.

Section 30 of the Statistics Act states that:

(1) For the purpose of assisting the Office in the exercise of its functions under this Act, the Director General may by delivery of a notice request any public authority to—

(a) Allow officers of statistics at all reasonable times to have access to, inspect and take copies of or extracts from any records in its charge, and

(b) Provide the Office, if any such officer so requires, with copies or extracts from any such record,

(2) Subsection (1) of this section—

(b) Shall apply to medical records which are not publicly available only with the agreement of the Minister for Health;

Processing of personal health data as contained in the COVID-19 Data Flows is permitted under Article 6.1.e, Article 9.2.i and j of the General Data Protection Regulation (GDPR).

Processing of personal health data as contained in the COVID-19 Data Flows is also permitted under Sections 38.1.a, 42.1.c, 53 and 54.c of the Data Protection Act 2018

How is personal information protected?

The data is pseudonymised before it is made available for statistical analysis. The pseudonymisation process includes the removal of identification information such as name and address details and the deployment of Protected Identifier Keys (PIKs) in place of identification numbers. PIKs protect the original identifier numbers while also preserving link capabilities across datasets. The process also involves replacing Eircodes with a PIK and rounding the date of birth to the first of month, which allows calculation of age while protecting actual date of birth.

Does the CSO share this data with any third parties?

In line with the legal guarantees of confidentiality provided for in the Statistics Act, 1993, the CSO never shares any personal data with any third parties whether they are government bodies, private entities or commercial operations.

One of the core principles of a National Statistical Institute (NSI) is protection of the confidentiality of all information supplied by data providers which is provided for in law in Ireland. The CSO’s ability to compile Official Statistics is based on the extent to which individuals and companies trust the CSO with sensitive information and the CSO’s legal guarantee of confidentiality for all data providers is built on the fundamental requirement of non-disclosure of confidential data as set out in national and EU statistical legislation.

Is your personal data confidential?

All information supplied to the CSO is treated as strictly confidential. The Statistics Act, 1993 sets stringent confidentiality standards. Information collected may be used only for statistical purposes and no details that might be related to an identifiable person may be divulged to any other government department or body.

Where is the data stored?

The CSO is accepting multiple data flows from the HSE during the COVID-19 pandemic. The incoming data is being processed, pseudonymised and stored securely on CSO servers. As governed by the CSO Data Management Policy, the data flows are stored in the Administrative Data Centre (ADC) warehouse.

How long will COVID-19 data be stored for?

By agreement between the CSO, DoH and the HSE, the CSO will conduct a post-pandemic review which may make certain recommendations regarding the duration of the data storage of COVID-19 related data sources.

In light of the pandemic-related exigencies of this data processing exercise, the over-riding priority will be to ensure that no data is kept for longer than is necessary for the purposes for which it was collected.

This is in line with the European Data Protection Board guidance 03/2020 (section 5.3, page 10), which is that data in this category shall only be processed as long as it is both necessary and proportionate to do so.

Will vaccine data be part of the CSO’s COVID-19 Data Research Hub?

Yes, the CSO will host pseudonymised vaccine data when a more complete database is available from the HSE. As with all researcher data, there is a time gap between data availability and the ability to share it given the stringent data protection protocols involved. The CSO also provides documentation describing the data to researchers which can take some time to prepare for new data sources. 

CSO publication, , 11am